bd3dc2961f78acd9c1a7f643076c84ef34d71b670e82d3a938f1575a14a813ba

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
Size

104KB
MD5

14c9eff08ff2d9d69d04d8faca26f740
SHA1

556a9051e61e50abda912b0f179529c1f02b3c18
SHA256

bd3dc2961f78acd9c1a7f643076c84ef34d71b670e82d3a938f1575a14a813ba
SHA512

3dc4ea1aff0d145dec4f9135b18c55630a70bf2022d7dc6fcf17e147852081169082f5da6bc8e3dc35585230947c613d5bf6ff6243e7a89e024570c28cb68e4b
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgExfWVP2i:tFPxPke+eIdWVt

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3390) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgrain_plugin.dll.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationBuildTasks.resources.dll.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\14c9eff08ff2d9d69d04d8faca26f740_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
104KB

MD5
342da20f451e204bca5f1a9c95c34086

SHA1
e3156f4a9d4f91adeb9c4e349810a89d4964292e

SHA256
77bf7d7a73cef14fa2ba8047783577823d6c8c7728b6d10bddbbd64102e29b03

SHA512
d3fa5fe242269dfa1f8adf9ada7ec8d81c572e539c6ebb5dd937279f3a618b9c882f18a912a04afaa29d5cf433febbf6227becda3de1da81c1aa34a976b34094

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
113KB

MD5
5e162d63d4c24b49c8758079bed102f0

SHA1
ae54bd4ff9777958edfd46a402702223c352931c

SHA256
693d1131e559829856e201fb62f5b4fe2e6e578da83715f56a904706aa6c9597

SHA512
f4d4aecb277197ee1015103e20ee9c357df88d6a9b269962106f2a1ef84b41e1c26400e2c45e262c60b2ebc8cf013e4b3fa9a4cb7a85e31f48e2ea17138ee317

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads